VPN

23K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


Hello

I connect to a remote computer with an IP address of 10.x.x.x via Cisco AnyConnect Secure Mobility Client on a Windows 10 Pro host with an IP address of 192.168.1.xx. I need a virtual machine with Windows 10 Pro (VM Workstation), currently with an IP address of 192.168.1.x, on the Windows 10 Pro host to access that computer. I can ping the remote computer on the host, but not on the VM Workstation. I tried installing the Cisco AnyConnect Secure Mobility Client on the VM, and it connects, but I still can't ping the remote computer. I tried setting the VM Workstation's network adapter to Bridged, Bridged with replicate physical network state, NAT, Host Only, but no ping. I turned off firewalls on host and VM....

Thank you!
0

Users are unable to connect to remote access VPN

Our users are unable to connect to the VPN at certain times of the day. Users have laptops with Windows 7 and Windows 10 OS. The headend is a Cisco 5540 ASA.
Authentication is done with Certificates that are stored on a smart card that must be inserted into the laptop and accessed with a PIN.  
This is affecting users with both Anyconnect version 4.3 and 4.5. The smart card reader software is ActivClient ActivID version 7.1.0
The error message that the users get is Certificate Validation failed


I have taken DART logs from a connection attempt that was successful and from one that failed. These are both attempts after logging into Windows, so the user cert store should be available.
I tried to cut them to the point where they start to differ.
Below is the successful attempt:

******************************************

Date        : 05/17/2018
Time        : 21:38:46
Type        : Information
Source      : acvpnui

Description : Function: ConnectMgr::processResponseString
File: ConnectMgr.cpp
Line: 10815
Client certificate requested by peer (via AggAuth)


******************************************

Date        : 05/17/2018
Time        : 21:38:47
Type        : Error
Source      : acvpnui

Description : Function: CTransportWinHttp::SendRequest
File: CTransportWinHttp.cpp
Line: 1256
Invoked Function: HttpSendRequest
Return Code: 12044 (0x00002F0C)
Description: A certificate is required to …
0
I have an urgent issue and can't seem to find an answer. 

The client has Server 2012. A software VPN is set up, which is no longer working.
The server had GDATA installed, which I removed and reinstalled Webroot. Then restarted the server.

Since this I have not been able to get the VPN working again. I have tried running removal tools for Webroot, GDATA and disabled the Windows firewall, however, no success at all. Still no VPN access.

Does anyone have any suggestions?

Error is

The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
0
I am wanting to set a user up with a roaming profile. They have a Surface they use at the office. When they are out they VPN in to connect to resources. I am setting them up a Hyper-V machine that I want to look and feel like their current desktop. Any ideas on this one?
0
In a network environment, is it possible to configure a wireless router which uses a different network structure address than the rest of the wired network?
The reason for this request is that several IP addresses are being used, therefore another set of different IP address is required for wireless internet access.
Devices connected to the wireless do not need to be connected to the network which is on the hardwired network.  The wireless router is simply for internet access.
The current internet from the modem is going directly into an existing VPN, and so there is not an option to connect the internet from the modem directly into the wireless router.
Is there a way to perhaps use an ethernet connection from the existing wired network into a wireless router, and then transmit a different set of possible IP addresses for wireless internet access only?   For instance if the wired network starts with 191.... but the wireless network starts with 10.... is this possible?
0
A user is trying to access an internal system via Chrome. The system is hosted on an Azure VM, with a VPN set up to connect to the server from HQ. The user is in another location which has a VPN tunnel connected to HQ. The other location has no VPN tunnel to the Azure server; this is not possible.

The system can be accessed externally using the normal web address; however, because the user is in a location that is connected to HQ via the VPN, Chrome is trying to use the VPN tunnel to connect.

Can a batch file be created to route the traffic for this address out through the internet connection instead of the VPN tunnel?
0
Hello,

We're in the process of configuring a Cisco CSR router within Azure. Users connect to the Cisco CSR router via the AnyConnect VPN client and authenticate via Azure MFA. Users are able to connect to the VPN and authenticate successfully with Azure MFA. However, we are unable to connect to any devices/services within Azure once we are connected to VPN. The Cisco CSR router can ping all devices/services within Azure without any issues, but users are unable to communicate with any devices/services while connected via VPN.

Any ideas?

Thanks!
0
Hi,

We have a subsidiary company with around 150 users. It is linked to us (HO) over IPVPN (1 MB), and the services it gets from us are:

1- Cisco IP telephone (currently around 75 users)
2- ERP (about 50 users)

Their existing setup:

1- Domain controller (totally separate from us) + antivirus server (1 physical box)
2- Finance system
3- Backup server
4- SonicWall NSA2600
5- Switches
7- Router for IPVPN

The management is thinking of hosting the setup for the subsidiary company, so my questions are:

1- How can I do the proper sizing for the link, so I ensure the users are not feeling slowness?
2- What equipment should I move from there and what should I not? Best design from your experience?
3- How should the internet be provided to their users? From us or locally?
4- What are the advantages and disadvantages of such a plan? Should we recommend this plan or let them continue as they are?
5- Risks?
6- What are the prerequisites needed in the HO data center for hosting that equipment?
0
Remote Desktop Connections and VPN Connections Fail. Starting May 9, we received many reports of Remote Desktop connections failing globally. Users received error messages on authentication when they try to remote to machines or VPN. Here's the cause, symptoms and simple workaround.
0
We have a Windows 10 Pro box with two network interface cards.

We have one application we would like to run normally, as you would any application in Windows.

We have another application that must be run through a VPN.

The computer can accommodate both however it is not strong enough to run a VM to separate them.

Is there a program or setting to run one application through one card and one application with the VPN through the other card?
0

It seems that the documentation about IPsec/IKE setup on an SRX to Azure s2s VPN is conflicting.  There are 3 pain points:

1.  Can IPsec/IKE be used on a policy-based VPN for Azure? It seems that Azure is clear about "no" but the suggested Azure config includes IPsec & IKE config
2.  Which IKE version is best for SRX to Azure - v1 or v2, when using Policy Based or Route-Based VPN? (see attachment)
3.  If a trust sec. zone (internal interf.) and an untrust sec. zone (exter. interf.) already exist, how can I add interfaces that are in one of those zones already to a new "Internal & Internet Zone" for the Azure VPN tunnel as the documentation suggests?  I receive an SRX error that adding interfaces to multiple zones is prohibited, and if using PB VPN there is no st0.x in that config and/or I don't understand how to utilize or place the traditional interface under the st0.x iface.

SRX ERROR:

commit check
[edit security zones security-zone Internal]
  'interfaces ge-0/0/1.0'
    Interface ge-0/0/1.0 already assigned to another zone
error: configuration check-out failed



I found this on Azure's site - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell

Azure IKE Doc found on Azure Site
Azure States no IPsec for Policy-Based
juniper-no-ikev2.png
0
Hi experts,

I connect to VPN to a client's environment via Cisco AnyConnect Secure Mobility Client.  Once connected I then remote desktop into the machine at the client and I can work etc.

Whenever I do this I lose all internet access from the laptop I connect through at my home.  So I can't have an email client running locally as it will not connect to email server.  I can't minimize the remote desktop and browse internet with a local browser.  It's like it completely takes over my internet for some reason.

So I created a new VM via VMWare and thought I would just use the VM to vpn into the client as the VM should share the internet connection.   To my surprise, even when I do that, the internet will not work on my local machine.  The VM completely takes over my entire internet once I connect to Cisco AnyConnect.

I figure this is probably security related but is there anywhere or any setting I can do so it shares the connection?

Or in VMWare something where it won't allow it to take over entire connection?

Thanks for any insight.
0
PPTP VPN on Linux Mint won't connect to Windows Server 2016 server. Windows 10 will connect PPTP both externally and internally. Linux fails with an error saying "VPN disconnected because the VPN service stopped".
Server 2016 VPN is set to use MSCHAPv2 only.
Windows 10 connects when set to use MSCHAPv2 only.
0
I am trying to set up a S2S VPN Tunnel between Azure & on prem SRX.  The configuration templates suggested for the VPN config on the SRX require that the external and internal interfaces on the SRX be placed in "Internal & External " Zones.  However, when I place the interfaces in those Zones I get a commit error because the interfaces are already in the "Trust" and "Untrust" Security Zones.  I don't know if I should:

A.   remove those interfaces from those zones (w/o breaking anything), or
B.  change the name of the "Internal & External" zones to "Trust & Untrust" ?


Also, the configuration template requires that I add address-books but global address books are already created.  So, I used a method to "attach" to an address book but I am not sure if this is why the VPN tunnel is not coming up.

Not sure how to address this request in the template.  Should I omit this information?  I used the "attach " to address-book method.  Not sure if that is stopping the VPN tunnel because it never came up.

COMMIT ERROR OUTPUT:

admin@875Ave# commit check
[edit security zones security-zone Internet]
  'interfaces ge-0/0/0.0'
    Interface ge-0/0/0.0 already assigned to another zone
error: configuration check-out failed


[edit security zones security-zone Internal]
  'address-book'
    Zone specific address books are not allowed when there are global address books defined
[edit security zones security-zone Internet]
  'address-book'
    Zone specific …
0
Any help with resolving issue with S2S AZURE VPN <<to>> on prem SRX would be greatly appreciated.  I think that the issue is w/the SRX config because I am not even seeing successful completion of phase 1.  Also, when entering the config I received several "commit failures", although I made changes to get a successful commit I had to make several changes to the config for the SRX - PLEASE HELP!!!!

AZURE CONFIG DETAILS:

Active-Standby VPN gateway (single public IP address)

/Data/VNG_GATEWAYIP   = 40.114.24.XX

!     Active-Active VPN gateway (2 public IP addresses)

/Data/VNG_GATEWAYIPS/IpAddress/IP = 40.114.24.XX

! [3] Public IP address of the on-premises VPN device

/Data/LNG_GATEWAYIP   = 50.205.245.XX

! [4] VNet address prefixes: a list of all VNet address prefixes in different formats

/Data/VnetSubnets/Subnet/SP_NetworkIpRange = 10.30.0.0
  SP_NetworkSubnetMask   = 255.255.0.0
  SP_NetworkWildcardBits = 0.0.255.255
  SP_NetworkCIDR         = 10.30.0.0/16
  SP_TunnelName          = SP_TunnelName

! [5] On-premises address prefixes: a list of all on-premises address prefixes defined in LNG

/Data/OnPremiseSubnets/Subnet/SP_NetworkIpRange = 192.168.20.0
  SP_NetworkSubnetMask   = 255.255.255.0
  SP_NetworkWildcardBits = 0.0.0.255
SP_NetworkCIDR         = 192.168.20.0/24
  SP_TunnelName          = SP_TunnelName


SRX CONFIGURATION:

0
I am unable to resolve DNS over site-to-site VPN.  I have several remote sites connected to the main office through Meraki site-to-site VPNs.  I can resolve by IP addresses but DNS does not resolve.
0
Hello everyone :)
I have several employees in several states that are currently not connected via VPN. I need to access your computers for my help desk team to act on requests but I do not want to use TeamViewer. The access will be across the internet. What would be the best Microsoft strategy in this case, without using VPN? RD Gateway? DirectAccess?
0
We are facing a problem exchanging information in HL7 protocol in a standard environment listener\receiver.
Our application works fine on a plain network, but gets some errors on an IPsec VPN tunnel.
I'm not an expert, but it seems to be a problem related to packet fragmentation; any packets are truncated and cannot be managed.
This does not happen on the same LAN, so we are pointing to MTU or SECURITY CONTROL applied on the VPN.
Can you help me?
Sorry, I'm not providing many details, please ask me what you think is important.
Thanks
M
0
In our datacenter we have an ASA pair (failover active/standby) which is connected to 2 ISPs. We are currently migrating from ISP1 to ISP2 and are using Policy Based Routing (PBR) on the ASA to make the transition smooth. We can pace the migration and move services step by step to the new ISP.

Everything seems to be working pretty well with PBR except for a problem with some site-to-site VPN-connections. We have a couple of site-to-site connections coming in on the ASA, for some we have access to both endpoints, for others the endpoint is managed by a third party. So originally the site-to-site connections are terminated by the ASA on ISP1, the remote end is connecting to the WAN IP of ISP1. To migrate we want to terminate the VPN on ISP2 on the ASA. So we reconfigure the remote endpoint to connect to the WAN IP of ISP2.

During the migration we use ISP1 as default (lowest metric in static route). With PBR we make sure that VPN traffic from and to ISP2 is routed correctly.

For Site-REMOTE1 and site-REMOTE2 this is working flawlessly, the remote endpoints are now connecting via ISP2 and are setting up a tunnel where we can see traffic TX and RX on both endpoints. Services at both ends working and tunnel is functioning.

For Site-REMOTE3 we see incoming and outgoing traffic on the ASA in the datacenter, but the remote endpoint is not receiving traffic (RX = 0). The tunnel is online and counter for RX datacenter ASA = counter TX REMOTE ASA.


If I switch
0

Hi Guys

I am looking for the experts in the security field that could help me with this one.
What would be the pros and cons when it comes to open source firewalls and commercial firewalls?

IE support / costs etc.

What would be the best to use, that would be compatible with Azure VPN Route base and policy based routing for site to site / remote branch connectivity?
0
We are looking to set up a point-to-point VPN with SonicWall on our end and WatchGuard on the client's end. We'll be using that to set up CrashPlan backup on virtual machines. Two questions.
1. Is it pretty straightforward to set up the point-to-point between sonicwall and watchguard?
2. Once that is established, would we need a backup device for each VM (say we have 3) or would backing them up to one device with designated partitions work ok?
0
Using a Cisco Meraki VPN to access a Windows 2012 R2 server's shared drives. User is in China and the VPN works but he cannot access the shared drives. He has permissions and I set up a PC here locally and was able to access shared drives through VPN. Why can't he access them from China?
0
I migrated from a 2003 server to a 2016 server.  After the fact, the client informed me that they were using PPTP to connect remote users.  I have gone through the RRAS setup and have installed the necessary role.  The server manager says all is running correctly.  I am using the same IP address in the 2nd NIC of the new server so I do not have to modify the firewall.  This is the same NIC I selected when I set up RRAS, so the binding appears to be correct. When I attempt to connect from a client, I am getting an 807 error code.
How can I confirm the settings on the server to verify the CHAP settings and so on?
0
I have set up a test computer and installed a 180-day copy of Windows Server 2016 Essentials. I am learning about VPN setup in Server. During the setup process I created a local domain name and a self-signed certificate. I got a message about ports 443 and 80 being blocked. I set up port forwards and after checking again there was no error. I have attempted to connect to this VPN but have been unable to do so using Win7 VPN and Win10 VPN. I can connect to it on my LAN but this is the only way. I have read lots of pages but none of them have gotten me where I would like to be. My internet service provides a dynamic address. I know this can be a problem but the address has not changed throughout my testing. I am not using a business class router. In the information I read I kept seeing comments about an automatic router setup in the Anywhere Access setup. I never saw this. I will answer your comments to the best of my ability.
0
I have a CISCO RV320 and I need to configure an IPSEC client on a MAC. I have tried SHIMO, and the MAC native VPN configuration, however I can't seem to make it connect. I have not been able to find the CISCO EASYVPN software for MAC since CISCO has discontinued the software support. Any thoughts?

Dan
0
